Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Believe Vundo Trojan still present


  • This topic is locked This topic is locked
20 replies to this topic

#1 tkoboxers1

tkoboxers1

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 14 January 2009 - 10:20 AM

Hi,
Origonaly had post open in am I infected with malware. Problem is that on startup I get lots of errors saying "The Aplication or DLL C:\WINDOWS\system32\denekilo.dll is not a valid Windows image. Please check this against your installation diskette" and then same for zotepuwa.dll, this also happens anytime I double click on anything. Was told after trying multiple spyware checkers, AFT-Cleaner and SDFix that a hijackthis log was next step. Tried running dds as told, but this crashed my computer so instead here is actual hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:39 AM, on 01/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\IBM\Lotus\Notes\nslsvice.exe
D:\Program Files\IBM\Lotus\Notes\ntmulti.exe
D:\edited\Oracle\Oracle10g\bin\ocssd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
D:\edited\Instruments\WDHCPServerSvc.exe
C:\Program Files\CA\DSM\bin\caf.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
C:\Program Files\CA\DSM\Bin\ccnfagent.exe
C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
C:\Program Files\CA\DSM\Bin\amswmagt.exe
C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
C:\Program Files\CA\DSM\Bin\cfftplugin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\HJT_programbackups\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.edited.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DsmSxplog] "C:\Program Files\CA\DSM\Bin\sxpstub.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CAF_SystemTray] "C:\Program Files\CA\DSM\bin\cfSysTray.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://secure.editeds.com/vdesk/terminal/u...,2008,0110,2011
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://secure.edited.com/vdesk/terminal/ur...,2008,0110,2004
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://secure.edited.com/vdesk/terminal/ur...,2007,1127,0234
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://secure.edited.com/vdesk/terminal/ur...,2008,0110,2007
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remote.edited.com/dana-cached/setup...perSetupSP1.cab
O16 - DPF: {EE5E646C-4D96-4DAD-A362-C210B507A0B2} (SAP KM DocService Control) - http://sapapp7.edited.com:57100/irj/go/km/.../DocService.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.edited.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.edited.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.edited.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\zotepuwa.dll c:\windows\system32\denekilo.dll c:\windows\system32\
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O20 - Winlogon Notify: CAF - C:\Program Files\CA\DSM\Bin\cfwlogon.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SC\CAM\bin\cam.exe
O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Single Logon - IBM Corp - D:\Program Files\IBM\Lotus\Notes\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - D:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleCSService - Unknown owner - D:\edited\Oracle\Oracle10g\bin\ocssd.exe
O23 - Service: Oraclededited10gSNMPPeerEncapsulator - Unknown owner - D:\edited\Oracle\Oracle10g\BIN\ENCSVC.EXE
O23 - Service: Oracleedited10gSNMPPeerMasterAgent - Unknown owner - D:\edited\Oracle\Oracle10g\BIN\AGNTSVC.EXE
O23 - Service: OracleServiceWAT6 - Oracle Corporation - d:\edited\oracle\oracle10g\bin\ORACLE.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: edited DHCP Server - edited - D:\edited\Instruments\WDHCPServerSvc.exe
O23 - Service: editedMgrService - Unknown owner - C:\WINDOWS\system32\editedService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12210 bytes

Have edited some of the names where this has happened have put edited.

Do see denekilo.dll and zotepuwa.dll listed on the log.
Thanks in advance for your help.

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 14 January 2009 - 10:32 AM

Have edited some of the names where this has happened have put edited.


Hello.. What do you mean by above.. Answer it and do below please :thumbsup:


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 tkoboxers1

tkoboxers1
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 14 January 2009 - 12:04 PM

Have edited some of the names as edited as this computer contains some work information and I dont want that to be posted where then anyone could google it. As these names do correspond to work info though I dont believe that they would be part of the Vundo. Now in hijack this it shows the two .dll's I am having problems with can I just get hijackthis to fix them after all they would be backed up and could add them back again.

Malwarebytes' Anti-Malware 1.32
Database version: 1652
Windows 5.1.2600 Service Pack 3

01/14/2009 10:28:37 AM
mbam-log-2009-01-14 (10-28-37).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 182385
Time elapsed: 41 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks in advance.

#4 tkoboxers1

tkoboxers1
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 14 January 2009 - 12:05 PM

Here are the RSIT logs part 1

Logfile of random's system information tool 1.05 (written by random/random)
Run by underhia at 2009-01-14 10:31:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (66%) free of 51 GB
Total RAM: 3536 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:09 AM, on 01/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\IBM\Lotus\Notes\nslsvice.exe
D:\Program Files\IBM\Lotus\Notes\ntmulti.exe
D:\edited\Oracle\Oracle10g\bin\ocssd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe

C:\Program Files\CA\DSM\bin\caf.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
C:\Program Files\CA\DSM\Bin\ccnfagent.exe
C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
C:\Program Files\CA\DSM\Bin\amswmagt.exe
C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
C:\Program Files\CA\DSM\Bin\cfftplugin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\HJT_programbackups\underhia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.edited.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DsmSxplog] "C:\Program Files\CA\DSM\Bin\sxpstub.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CAF_SystemTray] "C:\Program Files\CA\DSM\bin\cfSysTray.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://secure.edited.com/vdesk/terminal/ur...,2008,0110,2011
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://secure.edited.com/vdesk/terminal/ur...,2008,0110,2004
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://secure.edited.com/vdesk/terminal/ur...,2007,1127,0234
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://secure.edited.com/vdesk/terminal/ur...,2008,0110,2007
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remote.edited.com/dana-cached/setup...perSetupSP1.cab
O16 - DPF: {EE5E646C-4D96-4DAD-A362-C210B507A0B2} (SAP KM DocService Control) - http://sapapp7.edited.com:57100/irj/go/km/.../DocService.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.edited.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.edited.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.edited.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\zotepuwa.dll c:\windows\system32\denekilo.dll c:\windows\system32\
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O20 - Winlogon Notify: CAF - C:\Program Files\CA\DSM\Bin\cfwlogon.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SC\CAM\bin\cam.exe
O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Single Logon - IBM Corp - D:\Program Files\IBM\Lotus\Notes\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - D:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleCSService - Unknown owner - D:\Empower\Oracle\Oracle10g\bin\ocssd.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: editedMgrService - Unknown owner - C:\WINDOWS\system32\editedMgrService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12307 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-24 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VMware hqtray"=C:\Program Files\VMware\VMware Player\hqtray.exe [2008-03-03 55856]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-05-22 442467]
"QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-07-09 141848]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-02-26 128296]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-04-16 86016]
"NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2008-04-16 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-04-16 13529088]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-07-09 150040]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-06-15 178712]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-07-09 170520]
"DsmSxplog"=C:\Program Files\CA\DSM\Bin\sxpstub.exe [2007-10-28 24328]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-31 115560]
"CAF_SystemTray"=C:\Program Files\CA\DSM\bin\cfSysTray.exe [2007-10-28 124168]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-06-02 2220032]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-04-30 196608]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2008-04-01 466944]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-24 68856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\zotepuwa.dll c:\windows\system32\denekilo.dll c:\windows\system32\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CAF]
C:\Program Files\CA\DSM\Bin\cfwlogon.dll [2007-10-28 27400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-27 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\zotepuwa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\National Instruments\MAX\NIMax.exe"="C:\Program Files\National Instruments\MAX\NIMax.exe:*:Enabled:NIMax"
"D:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\jre\bin\notes2w.exe"="D:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\jre\bin\notes2w.exe:*:Enabled:Lotus Notes"
"D:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\notes2w.exe"="D:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\notes2w.exe:*:Disabled:Lotus Notes"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\National Instruments\MAX\NIMax.exe"="C:\Program Files\National Instruments\MAX\NIMax.exe:*:Enabled:NIMax"
"D:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\notes2w.exe"="D:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\notes2w.exe:*:Enabled:Lotus Notes"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##maog#edited2004]
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\DTSP_Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c1e40b6-b823-11dd-b324-005056c00008}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7876bf92-dcf8-11dd-b33e-005056c00008}]
shell\AutoRun\command - F:\DTSP_Launcher.exe


======List of files/folders created in the last 3 months======

2009-01-14 10:31:55 ----D---- C:\rsit
2009-01-14 08:47:24 ----D---- C:\HJT_programbackups
2009-01-13 20:21:04 ----D---- C:\WINDOWS\Minidump
2009-01-13 17:04:01 ----SHD---- C:\Config.Msi
2009-01-12 21:03:22 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-12 21:00:36 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-12 21:00:25 ----D---- C:\Program Files\SUPERAntiSpyware
2009-01-12 21:00:25 ----D---- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2009-01-12 18:32:31 ----D---- C:\Documents and Settings\user\Application Data\WinRAR
2009-01-12 17:45:22 ----D---- C:\WINDOWS\ERUNT
2009-01-12 17:38:37 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-12 17:35:39 ----D---- C:\SDFix
2009-01-12 15:58:06 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2009-01-12 15:57:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-12 15:57:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-12 08:53:40 ----D---- C:\Documents and Settings\user\Application Data\Saba
2009-01-12 08:53:08 ----D---- C:\Documents and Settings\user\Application Data\Centra
2009-01-12 08:52:51 ----D---- C:\Program Files\Centra
2009-01-07 14:23:18 ----D---- C:\WINDOWS\$MassLynxRepair$
2009-01-07 14:23:18 ----D---- C:\Program Files\Micromass Utilities
2009-01-07 14:23:17 ----D---- C:\MassLynx
2009-01-07 14:22:21 ----D---- C:\Documents_and_Settings
2009-01-07 14:21:48 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-07 14:21:48 ----A---- C:\WINDOWS\system32\java.exe
2009-01-07 14:21:38 ----D---- C:\Program Files\JavaSoft
2009-01-05 09:03:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-05 09:03:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-17 16:41:27 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-17 16:24:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-17 16:23:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-17 16:23:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-17 16:23:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-17 16:23:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-17 16:21:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-17 16:19:37 ----A---- C:\WINDOWS\system32\SETF3.tmp
2008-12-17 16:19:36 ----A---- C:\WINDOWS\system32\SETF5.tmp
2008-12-17 16:19:36 ----A---- C:\WINDOWS\system32\SETF4.tmp
2008-12-17 16:19:35 ----A---- C:\WINDOWS\system32\SETF6.tmp
2008-12-03 17:53:18 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2008-12-03 17:53:18 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-12-03 17:53:15 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-12-03 17:53:15 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-12-03 17:53:15 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-12-03 17:53:15 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-12-03 17:53:15 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-12-03 17:53:15 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-12-03 17:53:15 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-12-03 17:53:14 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-12-03 17:53:14 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-12-03 17:53:14 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-12-03 17:53:14 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-12-03 17:53:12 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-12-03 17:53:12 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-12-03 17:53:12 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-12-03 17:53:12 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-12-03 17:53:11 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-12-03 17:53:11 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-12-03 17:53:11 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-12-03 17:53:10 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-12-03 17:53:10 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-12-03 17:53:10 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-12-03 17:53:10 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-12-03 17:53:10 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-12-03 17:53:10 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-12-03 17:53:10 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-12-03 17:53:09 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-03 17:53:09 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-03 17:53:06 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-03 17:53:06 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-03 17:53:06 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-03 17:53:06 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-03 17:53:06 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-03 17:53:06 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-03 17:53:05 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-03 17:53:05 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-03 17:53:05 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-03 17:50:54 ----D---- C:\WINDOWS\Logs
2008-12-03 17:42:08 ----D---- C:\Documents and Settings\user\Application Data\My Games
2008-12-03 17:29:54 ----D---- C:\Program Files\Firaxis Games
2008-12-03 17:29:27 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-03 14:56:46 ----D---- C:\Documents and Settings\user\Application Data\WholeSecurity
2008-11-23 20:32:14 ----D---- C:\Documents and Settings\user\Application Data\Macromedia
2008-11-21 17:23:25 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-11-21 17:07:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-21 17:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-21 17:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-21 17:06:51 ----D---- C:\Program Files\MSXML 4.0
2008-11-05 11:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-05 11:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-05 11:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-05 11:09:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-05 11:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-05 11:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2008-11-05 11:08:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-05 11:08:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-24 08:53:24 ----D---- C:\Documents and Settings\user\Application Data\Bullzip
2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\SETEF.tmp
2008-10-15 00:21:44 ----A---- C:\WINDOWS\system32\dsGinaLoader.dll

======List of files/folders modified in the last 3 months======

2009-01-14 10:31:30 ----D---- C:\WINDOWS\Prefetch
2009-01-14 10:25:42 ----D---- C:\WINDOWS\Temp
2009-01-14 09:22:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-14 08:25:03 ----D---- C:\WINDOWS\system32
2009-01-14 08:25:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-14 08:24:54 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-14 08:22:23 ----D---- C:\WINDOWS
2009-01-14 08:20:56 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2009-01-14 08:19:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-13 20:21:07 ----SHD---- C:\WINDOWS\CSC
2009-01-13 17:04:05 ----SHD---- C:\WINDOWS\Installer
2009-01-13 17:04:05 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-13 17:04:05 ----D---- C:\Program Files\Common Files
2009-01-12 21:04:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-12 21:04:19 ----HD---- C:\WINDOWS\inf
2009-01-12 21:04:17 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-12 21:00:25 ----RD---- C:\Program Files
2009-01-12 15:57:55 ----D---- C:\WINDOWS\system32\drivers
2009-01-12 08:35:14 ----SHD---- C:\System Volume Information
2009-01-12 08:35:14 ----D---- C:\WINDOWS\system32\Restore
2009-01-12 08:32:28 ----SH---- C:\boot.ini
2009-01-12 08:32:28 ----A---- C:\WINDOWS\win.ini
2009-01-12 08:32:28 ----A---- C:\WINDOWS\system.ini
2009-01-07 20:20:26 ----D---- C:\WINDOWS\Help
2009-01-07 20:16:13 ----D---- C:\WINDOWS\pss
2009-01-07 14:21:13 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-22 15:55:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-22 15:40:53 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-22 15:40:50 ----D---- C:\WINDOWS\system32\DirectX
2008-12-22 15:40:41 ----RSD---- C:\WINDOWS\assembly
2008-12-19 10:29:29 ----D---- C:\WINDOWS\security
2008-12-17 16:41:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-17 16:24:08 ----A---- C:\WINDOWS\imsins.BAK
2008-12-17 16:24:03 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 16:23:14 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-17 12:12:17 ----ASH---- C:\WINDOWS\system32\tatunulo.dll
2008-12-17 12:12:16 ----ASH---- C:\WINDOWS\system32\denekilo.dll
2008-12-16 18:07:49 ----ASH---- C:\WINDOWS\system32\lohemifa.dll
2008-12-16 18:07:48 ----ASH---- C:\WINDOWS\system32\yinuyoni.dll
2008-12-16 17:09:11 ----ASH---- C:\WINDOWS\system32\gidopafi.dll
2008-12-12 11:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-08 20:35:14 ----ASH---- C:\WINDOWS\system32\nubobevu.dll
2008-12-03 17:40:37 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-03 17:29:29 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-25 07:38:19 ----D---- C:\WINDOWS\system32\Macromed
2008-11-21 17:32:19 ----SHD---- C:\RECYCLER
2008-11-21 17:06:52 ----D---- C:\WINDOWS\WinSxS
2008-11-21 08:36:48 ----D---- C:\Documents and Settings\user\Application Data\Juniper Networks
2008-11-07 16:45:32 ----A---- C:\WINDOWS\system32\WMVCore.dll
2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 04:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 19:00:11 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-15 19:00:11 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-15 19:00:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-03-21 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-30 191536]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9104]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-03-03 28592]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2008-05-20 108160]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-04-18 170032]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-06-02 1287552]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-15 990632]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 cvusbdrv;Broadcom USH CV; C:\WINDOWS\System32\Drivers\cvusbdrv.sys [2008-05-09 29224]
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-12-27 23552]
R3 e1yexpress;Intel® Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-04-04 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-27 6023072]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2008-06-13 110080]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090113.024\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090113.024\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-03-21 279088]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-05-22 1381914]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-30 27696]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2008-03-12 49536]
R3 urvpndrv;F5 Networks VPN Adapter; C:\WINDOWS\system32\DRIVERS\urvpndrv.sys [2008-01-10 27904]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-03-03 16816]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-09-20 156392]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272]
S3 catchme;catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\WINDOWS\System32\Drivers\frmupgr.sys []
S3 f5ipfw;F5 Networks StoneWall Filter; \??\C:\WINDOWS\system32\drivers\urfltw2k.sys []
S3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETw5x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-16 6557760]
S3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver; C:\WINDOWS\system32\DRIVERS\nwdelser2.sys [2007-11-02 166144]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2007-06-14 27072]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-03-21 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-05-05 342672]
R2 caf;CA DSM r11 Common Application Framework.; C:\Program Files\CA\DSM\bin\caf.exe [2007-10-28 193800]
R2 CA-MessageQueuing;CA Message Queuing Server; C:\Program Files\CA\SC\CAM\bin\cam.exe [2006-12-12 147456]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-31 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-31 108392]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2008-10-15 427376]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-06-15 354840]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 Lotus Notes Single Logon;Lotus Notes Single Logon; D:\Program Files\IBM\Lotus\Notes\nslsvice.exe [2008-08-08 31624]
R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; D:\Program Files\IBM\Lotus\Notes\ntmulti.exe [2008-08-08 58760]
R2 OracleCSService;OracleCSService; D:\edited\Oracle\Oracle10g\bin\ocssd.exe [2005-02-15 830364]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2008-05-09 2479488]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 STacSV;Audio Service; c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe [2008-05-22 221273]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2008-05-09 2240944]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2008-03-03 109104]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-03-03 121392]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-03-03 150064]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]

R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-06-02 24064]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-04-16 159812]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-28 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-13 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 Oracleedited10gSNMPPeerEncapsulator;OracleEmpower10gSNMPPeerEncapsulator; D:\Empower\Oracle\Oracle10g\BIN\ENCSVC.EXE [2008-07-23 187392]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2008-05-11 288136]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632]

S4 OracleJobSchedulerWAT6;OracleJobSchedulerWAT6; d:\edited\oracle\oracle10g\Bin\extjob.exe [2005-02-21 52048]

-----------------EOF-----------------

#5 tkoboxers1

tkoboxers1
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 14 January 2009 - 12:06 PM

Here is RSIT log part 2

info.txt logfile of random's system information tool 1.05 2009-01-14 10:32:11

======Uninstall list======

-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {60669D86-6F8E-4D67-8F0E-0D6B88F6F780}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Bullzip PDF Printer 4.0.0.564-->"D:\Program Files\Bullzip\PDF Printer\unins000.exe"
CA Unicenter DSM Agent + Asset Management Plugin-->MsiExec.exe /X{624FA386-3A39-4EBF-9CB9-C2B484D78B29}
CA Unicenter DSM Agent + Software Delivery Plugin-->MsiExec.exe /X{62ADA55C-1B98-431F-8618-CDF3CE4CFEEC}
Centra Client-->C:\PROGRA~1\Centra\Client\bin\updater.exe -uninstall
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
edited Personal-->MsiExec.exe /X{C117BCBE-7988-4129-9247-BCEC5D887F35}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GPL Ghostscript Lite 8.61-->"D:\Program Files\Bullzip\PDF Printer\gs\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\HJT_programbackups\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\SETUP.exe" -l0x9 -remove -removeonly
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® Network Connections Drivers-->Prounstl.exe
Intel® Matrix Storage Manager-->C:\WINDOWS\system32\imsmudlg.exe -uninstall
Java 2 Runtime Environment Standard Edition v1.3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
Juniper Networks Network Connect 6.0.0-->"C:\Program Files\Juniper Networks\Network Connect 6.0.0\uninstall.exe"
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Lotus Notes 8.0.2-->MsiExec.exe /X{D671062E-44AF-4DC6-AD89-92921D1E1779}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Micromass MassLynx V4.0-->MsiExec.exe /I{65D45A72-A58F-11D4-BDB2-00508B6D516A}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Visio Viewer 2007-->MsiExec.exe /I{95120000-0052-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft redistributable runtime DLLs VS2005 SP1(x86)-->MsiExec.exe /I{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4.0 redistributable-->MsiExec.exe /I{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x9 -cluninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RICOH R5C83x/84x Media Driver Ver.3.53.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
SAP Business Explorer-->"C:\Program Files\SAP\SAPsetup\setup\NwSapSetup.exe" /product="SAPBI" /uninstall
SAP GUI 7.10-->"C:\Program Files\SAP\SAPsetup\setup\NwSapSetup.exe" /uninstall /product="ECL710+GUI710TWEAK+BW350+KW710+GUI710ISHMED+SAPGUI710" /TitleComponent:"SAPGUI710" /IgnoreMissingProducts
SAP Viewer 6.0-->C:\WINDOWS\IsUninst.exe -f"D:\Program Files\Common Files\SAP Shared\System\Uninst.isu"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sid Meier's Civilization 4 - Beyond the Sword-->C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Endpoint Protection-->MsiExec.exe /X{2E2966EA-2169-4E42-8A8A-CC1749D80088}
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{0E0479F8-180F-4054-B4F7-17EE657F90BF}\setup.exe -runfromtemp -l0x0409
TUGZip 3.4-->"D:\Program Files\TUGZip\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}

WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Symantec Endpoint Protection
FW: Symantec Endpoint Protection

System event log

Computer Name: UNDERHI-JT93DH1
Event Code: 34
Message: () Starting up: 0x8a52f8c0, \REGISTRY\MACHINE\SYSTEM\Contr

Record Number: 15656
Source Name: VMnetAdapter
Time Written: 20090107141723.000000-360
Event Type: information
User:

Computer Name: UNDERHI-JT93DH1
Event Code: 26
Message: Application popup: bcmwltry.exe - Bad Image : The application or DLL c:\windows\system32\denekilo.dll is not a valid Windows image. Please check this against your installation diskette.

Record Number: 15655
Source Name: Application Popup
Time Written: 20090107141721.000000-360
Event Type: information
User:

Computer Name: UNDERHI-JT93DH1
Event Code: 26
Message: Application popup: bcmwltry.exe - Bad Image : The application or DLL C:\WINDOWS\system32\zotepuwa.dll is not a valid Windows image. Please check this against your installation diskette.

Record Number: 15654
Source Name: Application Popup
Time Written: 20090107141720.000000-360
Event Type: information
User:

Computer Name: UNDERHI-JT93DH1
Event Code: 6005
Message: The Event log service was started.

Record Number: 15653
Source Name: EventLog
Time Written: 20090107141716.000000-360
Event Type: information
User:

Computer Name: UNDERHI-JT93DH1
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 15652
Source Name: EventLog
Time Written: 20090107141716.000000-360
Event Type: information
User:

Application event log

Computer Name: UNDERHI-JT93DH1
Event Code: 13
Message:
LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Record Number: 4532
Source Name: SescLU
Time Written: 20081224102805.000000-360
Event Type: error
User:

Computer Name: UNDERHI-JT93DH1
Event Code: 15
Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Record Number: 4531
Source Name: AutoEnrollment
Time Written: 20081224102745.000000-360
Event Type: error
User:

Computer Name: UNDERHI-JT93DH1
Event Code: 4097
Message: The application, C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe, generated an application error
The error occurred on 12/23/2008 @ 09:06:34.812
The exception generated was c0000005 at address 0271C420 (CvGameCoreDLL!CvUnit__getTeam)

Record Number: 4530
Source Name: DrWatson
Time Written: 20081223090635.000000-360
Event Type: information
User:

Computer Name: UNDERHI-JT93DH1
Event Code: 1000
Message: Faulting application civ4beyondsword.exe, version 3.0.3.1, faulting module cvgamecoredll.dll, version 3.0.3.0, fault address 0x0018c420.

Record Number: 4529
Source Name: Application Error
Time Written: 20081223090631.000000-360
Event Type: error
User:

Computer Name: UNDERHI-JT93DH1
Event Code: 2
Message:


Scan Complete: Risks: 0 Scanned: 1083 Files/Folders/Drives Omitted: 0

Record Number: 4528
Source Name: Symantec AntiVirus
Time Written: 20081223073421.000000-360
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SDROOT"=C:\Program Files\CA\DSM\SD
"CAI_MSQ"=C:\Program Files\CA\SC\CAM
"CAI_CAFT"=C:\Program Files\CA\SC\CAM
"CAI_MSQ_NOWV"=y
"CLASSPATH"=.;D:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=D:\Program Files\QuickTime\QTSystem\QTJava.zip
\

-----------------EOF-----------------

#6 tkoboxers1

tkoboxers1
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 14 January 2009 - 12:09 PM

And finaly the truly humongus GMER log

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-14 10:52:27
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 895DC4A0 ZwAlertResumeThread
SSDT 895DC280 ZwAlertThread
SSDT 8A0BC100 ZwAllocateVirtualMemory
SSDT 8A5CA6F0 ZwConnectPort
SSDT 8A6B2008 ZwCreateMutant
SSDT 8A6DD1E0 ZwCreateThread
SSDT 8A5D0EF8 ZwFreeVirtualMemory
SSDT 895DD1E8 ZwImpersonateAnonymousToken
SSDT 895DD248 ZwImpersonateThread
SSDT 8A624538 ZwMapViewOfSection
SSDT 895DD2A8 ZwOpenEvent
SSDT 895D01E0 ZwOpenProcessToken
SSDT 8A5D8760 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0x9EE452F0]
SSDT SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation) ZwQueryDefaultLocale [0xB9CD2830]
SSDT 89B90230 ZwResumeThread
SSDT 895D0218 ZwSetContextThread
SSDT 89C71BA8 ZwSetInformationProcess
SSDT 8A6C1260 ZwSetInformationThread
SSDT 895DD730 ZwSuspendProcess
SSDT 895DB598 ZwSuspendThread
SSDT 89C38910 ZwTerminateProcess
SSDT 895DB110 ZwTerminateThread
SSDT 895DC220 ZwUnmapViewOfSection
SSDT 8A095708 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2BF4 80504490 2 Bytes [ A0, C4 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D30 805045CC 2 Bytes [ 48, D2 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F18 805047B4 2 Bytes [ 18, 02 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 2 Bytes [ 30, D7 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC8 80504864 6 Bytes [ 10, 89, C3, 89, 10, B1 ]
.text ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel + B5D 80541615 5 Bytes JMP B9CD3C30 SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation)
.text ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364
.text ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E
.text ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8
.text ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412
.text ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C
.text ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486
.text ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0
.text ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA
.text ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\CA\SC\CAM\bin\cam.exe[164] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\SC\CAM\bin\cam.exe[164] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\SC\CAM\bin\cam.exe[164] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\SC\CAM\bin\cam.exe[164] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\SC\CAM\bin\cam.exe[164] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\SC\CAM\bin\cam.exe[164] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\SC\CAM\bin\cam.exe[164] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\SC\CAM\bin\cam.exe[164] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\SC\CAM\bin\cam.exe[164] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\SC\CAM\bin\cam.exe[164] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\SC\CAM\bin\cam.exe[164] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\SC\CAM\bin\cam.exe[164] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[252] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[252] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[252] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[252] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[252] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[252] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[252] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[252] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[252] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[252] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[252] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[252] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[288] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[288] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[288] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[288] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[288] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[288] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[288] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[288] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[288] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[288] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[288] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\bcmwltry.exe[288] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[296] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[296] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[296] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[296] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[296] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[296] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[296] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[296] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[296] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[296] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[296] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[296] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)

.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[448] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[448] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[448] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[448] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[448] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[448] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[448] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[448] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[448] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[448] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[448] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[448] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[532] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[532] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[532] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[532] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[532] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[532] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[532] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[532] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[532] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[532] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[532] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[532] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[616] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[616] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[616] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[616] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[616] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[616] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[616] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[616] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[616] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[616] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[616] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[616] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe[692] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe[692] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe[692] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe[692] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe[692] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe[692] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe[692] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe[692] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe[692] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe[692] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe[692] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe[692] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[792] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[792] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[792] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[792] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[792] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[792] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[792] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[792] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[792] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[792] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[792] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[792] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[812] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[812] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[812] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[812] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[812] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[812] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[812] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[812] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[812] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[812] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[812] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Messenger\msmsgs.exe[812] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[952] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[952] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[952] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[952] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[952] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[952] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[952] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[952] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[952] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[952] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[952] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[952] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[996] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[996] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[996] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[996] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[996] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[996] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[996] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[996] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[996] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[996] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[996] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[996] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\nslsvice.exe[1016] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\nslsvice.exe[1016] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\nslsvice.exe[1016] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\nslsvice.exe[1016] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\nslsvice.exe[1016] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\nslsvice.exe[1016] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\nslsvice.exe[1016] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\nslsvice.exe[1016] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\nslsvice.exe[1016] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\nslsvice.exe[1016] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\nslsvice.exe[1016] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\nslsvice.exe[1016] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1104] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1104] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1104] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1104] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1104] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1104] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1104] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1104] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1104] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1104] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1104] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1104] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\hkcmd.exe[1292] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxtray.exe[1408] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxtray.exe[1408] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxtray.exe[1408] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxtray.exe[1408] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxtray.exe[1408] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxtray.exe[1408] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxtray.exe[1408] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxtray.exe[1408] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxtray.exe[1408] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxtray.exe[1408] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxtray.exe[1408] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxtray.exe[1408] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1508] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1508] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1508] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1508] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1508] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1508] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1508] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1508] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1508] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1508] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1508] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\SCardSvr.exe[1508] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1652] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1652] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1652] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1652] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1652] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1652] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1652] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1652] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1652] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1652] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1652] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\services.exe[1652] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1664] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1664] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1664] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1664] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1664] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1664] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1664] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1664] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1664] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1664] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1664] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\lsass.exe[1664] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\ntmulti.exe[1908] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\ntmulti.exe[1908] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\ntmulti.exe[1908] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\ntmulti.exe[1908] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\ntmulti.exe[1908] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\ntmulti.exe[1908] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\ntmulti.exe[1908] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\ntmulti.exe[1908] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\ntmulti.exe[1908] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\ntmulti.exe[1908] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\ntmulti.exe[1908] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text D:\Program Files\IBM\Lotus\Notes\ntmulti.exe[1908] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1960] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1960] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1960] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1960] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1960] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1960] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1960] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1960] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1960] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1960] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1960] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1960] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\WLTRAY.exe[2088] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\WLTRAY.exe[2088] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\WLTRAY.exe[2088] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\WLTRAY.exe[2088] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\WLTRAY.exe[2088] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\WLTRAY.exe[2088] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\WLTRAY.exe[2088] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\WLTRAY.exe[2088] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\WLTRAY.exe[2088] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\WLTRAY.exe[2088] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\WLTRAY.exe[2088] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\WLTRAY.exe[2088] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2124] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2124] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2124] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2124] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2124] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2124] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2124] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2124] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2124] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2124] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2124] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2124] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe[2168] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe[2168] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe[2168] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe[2168] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe[2168] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe[2168] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe[2168] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe[2168] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe[2168] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe[2168] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe[2168] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe[2168] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[2224] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[2224] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[2224] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[2224] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[2224] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[2224] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[2224] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[2224] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[2224] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[2224] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[2224] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[2224] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\svchost.exe[2280] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[2304] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[2304] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[2304] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[2304] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[2304] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[2304] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[2304] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[2304] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[2304] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[2304] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[2304] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[2304] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2328] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2328] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2328] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2328] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2328] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2328] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2328] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2328] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2328] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2328] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2328] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2328] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[2396] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[2396] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[2396] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[2396] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[2396] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[2396] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[2396] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[2396] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[2396] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[2396] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[2396] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[2396] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2428] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2428] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2428] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2428] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2428] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2428] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2428] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2428] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2428] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2428] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2428] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2428] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\hqtray.exe[2476] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\hqtray.exe[2476] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\hqtray.exe[2476] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\hqtray.exe[2476] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\hqtray.exe[2476] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\hqtray.exe[2476] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\hqtray.exe[2476] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\hqtray.exe[2476] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\hqtray.exe[2476] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\hqtray.exe[2476] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\hqtray.exe[2476] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\hqtray.exe[2476] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2520] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2520] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2520] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2520] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2520] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2520] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2520] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2520] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2520] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2520] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2520] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2520] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[2928] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[2928] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[2928] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[2928] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[2928] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[2928] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[2928] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[2928] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[2928] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[2928] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[2928] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe[2928] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnetdhcp.exe[3052] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnetdhcp.exe[3052] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnetdhcp.exe[3052] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnetdhcp.exe[3052] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnetdhcp.exe[3052] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnetdhcp.exe[3052] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnetdhcp.exe[3052] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnetdhcp.exe[3052] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnetdhcp.exe[3052] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnetdhcp.exe[3052] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnetdhcp.exe[3052] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnetdhcp.exe[3052] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3160] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3160] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3160] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3160] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3160] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3160] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3160] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3160] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3160] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3160] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3160] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3160] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnat.exe[3236] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnat.exe[3236] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnat.exe[3236] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnat.exe[3236] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnat.exe[3236] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnat.exe[3236] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnat.exe[3236] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnat.exe[3236] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnat.exe[3236] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnat.exe[3236] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnat.exe[3236] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\vmnat.exe[3236] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\HidFind.exe[3320] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\HidFind.exe[3320] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\HidFind.exe[3320] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\HidFind.exe[3320] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\HidFind.exe[3320] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\HidFind.exe[3320] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\HidFind.exe[3320] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\HidFind.exe[3320] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\HidFind.exe[3320] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\HidFind.exe[3320] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\HidFind.exe[3320] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\HidFind.exe[3320] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[3328] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[3328] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[3328] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[3328] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[3328] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[3328] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[3328] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[3328] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[3328] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[3328] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[3328] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\Explorer.EXE[3328] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apntex.exe[3352] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apntex.exe[3352] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apntex.exe[3352] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apntex.exe[3352] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apntex.exe[3352] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apntex.exe[3352] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apntex.exe[3352] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apntex.exe[3352] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apntex.exe[3352] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apntex.exe[3352] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apntex.exe[3352] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apntex.exe[3352] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3376] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3376] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3376] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3376] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3376] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3376] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3376] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3376] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3376] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3376] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3376] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3376] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxpers.exe[3404] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxpers.exe[3404] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxpers.exe[3404] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxpers.exe[3404] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxpers.exe[3404] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxpers.exe[3404] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxpers.exe[3404] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxpers.exe[3404] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxpers.exe[3404] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxpers.exe[3404] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxpers.exe[3404] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxpers.exe[3404] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[3484] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[3484] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[3484] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[3484] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[3484] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[3484] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[3484] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[3484] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[3484] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[3484] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[3484] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[3484] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apoint.exe[3516] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apoint.exe[3516] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apoint.exe[3516] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apoint.exe[3516] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apoint.exe[3516] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apoint.exe[3516] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apoint.exe[3516] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apoint.exe[3516] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apoint.exe[3516] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apoint.exe[3516] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apoint.exe[3516] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\DellTPad\Apoint.exe[3516] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\amswmagt.exe[3544] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\amswmagt.exe[3544] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\amswmagt.exe[3544] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\amswmagt.exe[3544] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\amswmagt.exe[3544] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\amswmagt.exe[3544] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\amswmagt.exe[3544] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\amswmagt.exe[3544] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\amswmagt.exe[3544] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\amswmagt.exe[3544] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\amswmagt.exe[3544] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\amswmagt.exe[3544] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3784] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3784] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3784] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3784] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3784] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3784] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3784] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3784] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3784] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3784] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3784] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3784] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\bin\caf.exe[3816] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\bin\caf.exe[3816] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\bin\caf.exe[3816] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\bin\caf.exe[3816] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\bin\caf.exe[3816] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\bin\caf.exe[3816] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\bin\caf.exe[3816] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\bin\caf.exe[3816] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\bin\caf.exe[3816] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\bin\caf.exe[3816] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\bin\caf.exe[3816] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\bin\caf.exe[3816] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3824] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3824] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3824] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3824] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3824] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3824] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3824] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3824] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3824] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3824] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3824] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3824] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\rundll32.exe[3972] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\rundll32.exe[3972] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\rundll32.exe[3972] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\rundll32.exe[3972] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\rundll32.exe[3972] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\rundll32.exe[3972] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\rundll32.exe[3972] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\rundll32.exe[3972] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\rundll32.exe[3972] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\rundll32.exe[3972] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\rundll32.exe[3972] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\rundll32.exe[3972] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxsrvc.exe[4008] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxsrvc.exe[4008] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxsrvc.exe[4008] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxsrvc.exe[4008] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxsrvc.exe[4008] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxsrvc.exe[4008] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxsrvc.exe[4008] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxsrvc.exe[4008] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxsrvc.exe[4008] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxsrvc.exe[4008] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxsrvc.exe[4008] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\system32\igfxsrvc.exe[4008] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[4020] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[4020] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[4020] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[4020] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[4020] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[4020] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[4020] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[4020] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[4020] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[4020] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[4020] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[4020] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\vmware-authd.exe[4084] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\vmware-authd.exe[4084] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\vmware-authd.exe[4084] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\vmware-authd.exe[4084] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\vmware-authd.exe[4084] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\vmware-authd.exe[4084] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\vmware-authd.exe[4084] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\vmware-authd.exe[4084] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\vmware-authd.exe[4084] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\vmware-authd.exe[4084] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\vmware-authd.exe[4084] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\VMware\VMware Player\vmware-authd.exe[4084] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[5300] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[5300] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[5300] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[5300] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[5300] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[5300] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[5300] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[5300] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[5300] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[5300] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[5300] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\WINDOWS\System32\alg.exe[5300] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[5484] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[5484] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[5484] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[5484] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[5484] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[5484] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[5484] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[5484] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[5484] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6120] ntdll.dll!NtCreateFile + 5 7C90D095 5 Bytes JMP 6176A2F0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6120] ntdll.dll!NtCreateKey + 5 7C90D0D5 5 Bytes JMP 6176A32A C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6120] ntdll.dll!NtCreateThread + 5 7C90D195 5 Bytes JMP 6176A364 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6120] ntdll.dll!NtDeleteFile + 5 7C90D225 5 Bytes JMP 6176A39E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6120] ntdll.dll!NtDeleteValueKey + 5 7C90D255 5 Bytes JMP 6176A3D8 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6120] ntdll.dll!NtMapViewOfSection + 5 7C90D505 5 Bytes JMP 6176A412 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6120] ntdll.dll!NtOpenFile + 5 7C90D585 5 Bytes JMP 6176A44C C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6120] ntdll.dll!NtOpenKey + 5 7C90D5B5 5 Bytes JMP 6176A486 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6120] ntdll.dll!NtRenameKey + 5 7C90DA45 5 Bytes JMP 6176A4C0 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6120] ntdll.dll!NtSetInformationFile + 5 7C90DC45 5 Bytes JMP 6176A4FA C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6120] ntdll.dll!NtSetValueKey + 5 7C90DDB5 5 Bytes JMP 6176A534 C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6120] ntdll.dll!NtTerminateProcess + 5 7C90DE55 5 Bytes JMP 6176A56E C:\WINDOWS\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \Driver\usbhub \Device\000000ae hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBPDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000a2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-6 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBPDO-7 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000a4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000b0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\USBPDO-8 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000a6 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000b2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000a8 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000b4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device 9BB3AD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.14 ----


Hopefuly one of these helps.
Thanks alot.

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 15 January 2009 - 01:37 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Lavasoft Ad-Aware
2. Spybot - Search & Destroy
3. Viewpoint (all of them..)




Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
Then, please download and install the latest Java from HERE




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\system32\zotepuwa.dll
    c:\windows\system32\denekilo.dll
    C:\WINDOWS\system32\tatunulo.dll
    C:\WINDOWS\system32\denekilo.dll
    C:\WINDOWS\system32\lohemifa.dll
    C:\WINDOWS\system32\yinuyoni.dll
    C:\WINDOWS\system32\gidopafi.dll
    C:\WINDOWS\system32\nubobevu.dll
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##maog#edited2004]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 tkoboxers1

tkoboxers1
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 16 January 2009 - 10:29 AM

Hi,
Sorry for taking a while to get back. Have updated JAVA also just had hijackthis fix the 020 errors this then brought up a spybot window asking me if I wanted to delete the regestry key have done this and it has removed the .dll errors on startup or on double clicking anything. Still have the backups of these changes so can bring them back.
What does OTMoveit3 do and do I still need to run this if the problem appears gone.
That said have run netstat -b and seem to see a hell of a lot of CA Unicenter process's running mulitple cam.exe, caf.exe I have to scroll up to see them all which doesnt seem right also there is a proccess running a file called lucoms~1.exe which is using akamaitechnolgies for the foreign address apparently lucoms~1.exe is a norton process I believe this is owned by synamtic but wouldnt this be different from synamtic end point protection?
Please let me know what you think I should do from here.
Thanks

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 16 January 2009 - 10:40 AM

Well, since the computer is not in fron't of me, what can I tell you is, based on the logs produced by scanners that you ran, the computer is infected by trojan Vundo..

So, from the last log you posted here, I still can see several bad files that need to get rid off..

I suggest you do as per my previous instruction and post the logs here...


There's a lot of ways to fix a computer if it is in front of our eyes, but since we do this online, and I can't see the computer, this is the way we do it :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 tkoboxers1

tkoboxers1
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 16 January 2009 - 11:41 AM

Uninstalled spybot search and destroy as told and downloaded OTmoveit3 as told however when I check run nothing seems to happen.
Any ideas.
Thanks

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 16 January 2009 - 12:05 PM

Lets do this instead...


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 tkoboxers1

tkoboxers1
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 16 January 2009 - 12:22 PM

Hi,
Seems computer just needed restarting to run moveit. Here is log for moveit

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
LoadLibrary failed for C:\WINDOWS\system32\zotepuwa.dll
C:\WINDOWS\system32\zotepuwa.dll NOT unregistered.
C:\WINDOWS\system32\zotepuwa.dll moved successfully.
LoadLibrary failed for c:\windows\system32\denekilo.dll
c:\windows\system32\denekilo.dll NOT unregistered.
c:\windows\system32\denekilo.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\tatunulo.dll
C:\WINDOWS\system32\tatunulo.dll NOT unregistered.
C:\WINDOWS\system32\tatunulo.dll moved successfully.
File/Folder C:\WINDOWS\system32\denekilo.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\lohemifa.dll
C:\WINDOWS\system32\lohemifa.dll NOT unregistered.
C:\WINDOWS\system32\lohemifa.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\yinuyoni.dll
C:\WINDOWS\system32\yinuyoni.dll NOT unregistered.
C:\WINDOWS\system32\yinuyoni.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\gidopafi.dll
C:\WINDOWS\system32\gidopafi.dll NOT unregistered.
C:\WINDOWS\system32\gidopafi.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\nubobevu.dll
C:\WINDOWS\system32\nubobevu.dll NOT unregistered.
C:\WINDOWS\system32\nubobevu.dll moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##maog#edited2004\\ not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7b0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f48.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\vmware-vmount.log scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01162009_110256

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_7b0.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_b0.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_f48.dat not found!
File move failed. C:\WINDOWS\temp\vmware-vmount.log scheduled to be moved on reboot.

And here is RSIT log

Logfile of random's system information tool 1.05 (written by random/random)
Run by at 2009-01-16 01:09:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (67%) free of 51 GB
Total RAM: 3536 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:54 AM, on 01/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\IBM\Lotus\Notes\nslsvice.exe
D:\Program Files\IBM\Lotus\Notes\ntmulti.exe
D:\edited\Oracle\Oracle10g\bin\ocssd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe

C:\Program Files\CA\DSM\bin\caf.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
C:\Program Files\CA\DSM\Bin\ccnfagent.exe
C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
C:\Program Files\CA\DSM\Bin\amswmagt.exe
C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
C:\Program Files\CA\DSM\Bin\cfftplugin.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\HJT_programbackups\underhia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.edited.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DsmSxplog] "C:\Program Files\CA\DSM\Bin\sxpstub.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CAF_SystemTray] "C:\Program Files\CA\DSM\bin\cfSysTray.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.edited.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.edited.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.edited.com
O20 - Winlogon Notify: CAF - C:\Program Files\CA\DSM\Bin\cfwlogon.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SC\CAM\bin\cam.exe
O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Single Logon - IBM Corp - D:\Program Files\IBM\Lotus\Notes\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - D:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleCSService - Unknown owner - D:\edited\Oracle\Oracle10g\bin\ocssd.exe
O23 - Service: Oracleedited10gSNMPPeerEncapsulator - Unknown owner - D:\edited\Oracle\Oracle10g\BIN\ENCSVC.EXE
O23 - Service: Oracleedited10gSNMPPeerMasterAgent - Unknown owner - D:\edited\Oracle\Oracle10g\BIN\AGNTSVC.EXE
O23 - Service: OracleServiceWAT6 - Oracle Corporation - d:\edited\oracle\oracle10g\bin\ORACLE.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: editedService - Unknown owner - C:\WINDOWS\system32\editedService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12400 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-16 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-24 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-16 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VMware hqtray"=C:\Program Files\VMware\VMware Player\hqtray.exe [2008-03-03 55856]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-05-22 442467]
"QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-07-09 141848]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-02-26 128296]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-04-16 86016]
"NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2008-04-16 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-04-16 13529088]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-07-09 150040]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-06-15 178712]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-07-09 170520]
"DsmSxplog"=C:\Program Files\CA\DSM\Bin\sxpstub.exe [2007-10-28 24328]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-31 115560]
"CAF_SystemTray"=C:\Program Files\CA\DSM\bin\cfSysTray.exe [2007-10-28 124168]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-06-02 2220032]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-04-30 196608]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2008-04-01 466944]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-16 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-24 68856]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CAF]
C:\Program Files\CA\DSM\Bin\cfwlogon.dll [2007-10-28 27400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-27 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\National Instruments\MAX\NIMax.exe"="C:\Program Files\National Instruments\MAX\NIMax.exe:*:Enabled:NIMax"
"D:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\jre\bin\notes2w.exe"="D:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\jre\bin\notes2w.exe:*:Enabled:Lotus Notes"
"D:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\notes2w.exe"="D:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\notes2w.exe:*:Disabled:Lotus Notes"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\National Instruments\MAX\NIMax.exe"="C:\Program Files\National Instruments\MAX\NIMax.exe:*:Enabled:NIMax"
"D:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\notes2w.exe"="D:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\notes2w.exe:*:Enabled:Lotus Notes"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##maog#edited2004]
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\DTSP_Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c1e40b6-b823-11dd-b324-005056c00008}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7876bf92-dcf8-11dd-b33e-005056c00008}]
shell\AutoRun\command - F:\DTSP_Launcher.exe


======List of files/folders created in the last 3 months======

2009-01-16 11:09:50 ----D---- C:\rsit
2009-01-16 11:02:56 ----D---- C:\_OTMoveIt
2009-01-16 10:33:19 ----D---- C:\WINDOWS\Sun
2009-01-16 10:31:37 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-16 10:31:37 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-16 10:31:24 ----D---- C:\Program Files\Java
2009-01-16 10:30:35 ----D---- C:\Documents and Settings\user\Application Data\Sun
2009-01-14 13:45:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-14 08:47:24 ----D---- C:\HJT_programbackups
2009-01-13 20:21:04 ----D---- C:\WINDOWS\Minidump
2009-01-13 17:04:01 ----SHD---- C:\Config.Msi
2009-01-12 21:03:22 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-12 21:00:36 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-12 18:32:31 ----D---- C:\Documents and Settings\user\Application Data\WinRAR
2009-01-12 17:45:22 ----D---- C:\WINDOWS\ERUNT
2009-01-12 17:38:37 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-12 15:58:06 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2009-01-12 15:57:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-12 15:57:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-12 08:53:40 ----D---- C:\Documents and Settings\user\Application Data\Saba
2009-01-12 08:53:08 ----D---- C:\Documents and Settings\user\Application Data\Centra
2009-01-12 08:52:51 ----D---- C:\Program Files\Centra
2009-01-07 14:23:18 ----D---- C:\WINDOWS\$MassLynxRepair$
2009-01-07 14:23:18 ----D---- C:\Program Files\Micromass Utilities
2009-01-07 14:23:17 ----D---- C:\MassLynx
2009-01-07 14:22:21 ----D---- C:\Documents_and_Settings
2009-01-07 14:21:48 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-07 14:21:48 ----A---- C:\WINDOWS\system32\java.exe
2009-01-05 09:03:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-05 09:03:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-17 16:41:27 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-17 16:24:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-17 16:23:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-17 16:23:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-17 16:23:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-17 16:23:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-17 16:21:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-17 16:19:37 ----A---- C:\WINDOWS\system32\SETF3.tmp
2008-12-17 16:19:36 ----A---- C:\WINDOWS\system32\SETF5.tmp
2008-12-17 16:19:36 ----A---- C:\WINDOWS\system32\SETF4.tmp
2008-12-17 16:19:35 ----A---- C:\WINDOWS\system32\SETF6.tmp
2008-12-03 17:53:18 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2008-12-03 17:53:18 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-12-03 17:53:17 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-12-03 17:53:16 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-12-03 17:53:15 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-12-03 17:53:15 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-12-03 17:53:15 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-12-03 17:53:15 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-12-03 17:53:15 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-12-03 17:53:15 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-12-03 17:53:15 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-12-03 17:53:14 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-12-03 17:53:14 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-12-03 17:53:14 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-12-03 17:53:14 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-12-03 17:53:13 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-12-03 17:53:12 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-12-03 17:53:12 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-12-03 17:53:12 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-12-03 17:53:12 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-12-03 17:53:11 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-12-03 17:53:11 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-12-03 17:53:11 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-12-03 17:53:10 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-12-03 17:53:10 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-12-03 17:53:10 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-12-03 17:53:10 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-12-03 17:53:10 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-12-03 17:53:10 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-12-03 17:53:10 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-12-03 17:53:09 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-03 17:53:09 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-03 17:53:06 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-03 17:53:06 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-03 17:53:06 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-03 17:53:06 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-03 17:53:06 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-03 17:53:06 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-03 17:53:05 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-03 17:53:05 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-03 17:53:05 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-03 17:50:54 ----D---- C:\WINDOWS\Logs
2008-12-03 17:42:08 ----D---- C:\Documents and Settings\user\Application Data\My Games
2008-12-03 17:29:54 ----D---- C:\Program Files\Firaxis Games
2008-12-03 17:29:27 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-03 14:56:46 ----D---- C:\Documents and Settings\user\Application Data\WholeSecurity
2008-11-23 20:32:14 ----D---- C:\Documents and Settings\user\Application Data\Macromedia
2008-11-21 17:23:25 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-11-21 17:07:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-21 17:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-21 17:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-21 17:06:51 ----D---- C:\Program Files\MSXML 4.0
2008-11-05 11:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-05 11:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-05 11:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-05 11:09:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-05 11:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-05 11:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2008-11-05 11:08:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-05 11:08:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-24 08:53:24 ----D---- C:\Documents and Settings\user\Application Data\Bullzip
2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\SETEF.tmp

======List of files/folders modified in the last 3 months======

2009-01-16 11:09:51 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-16 11:07:38 ----D---- C:\WINDOWS\Temp
2009-01-16 11:07:31 ----D---- C:\WINDOWS
2009-01-16 11:06:56 ----D---- C:\WINDOWS\Prefetch
2009-01-16 11:06:04 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2009-01-16 11:04:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-16 11:03:05 ----D---- C:\WINDOWS\system32
2009-01-16 10:55:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-16 10:49:27 ----D---- C:\WINDOWS\system32\drivers
2009-01-16 10:43:51 ----SHD---- C:\WINDOWS\Installer
2009-01-16 10:43:49 ----RD---- C:\Program Files
2009-01-16 10:33:18 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-16 10:06:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-14 13:45:45 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-14 13:45:24 ----HD---- C:\WINDOWS\inf
2009-01-14 13:45:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-14 13:45:06 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-14 13:40:42 ----D---- C:\Program Files\Common Files
2009-01-13 20:21:07 ----SHD---- C:\WINDOWS\CSC
2009-01-13 17:05:46 ----A---- C:\WINDOWS\imsins.BAK
2009-01-13 17:04:05 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-12 21:04:17 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-12 08:35:14 ----SHD---- C:\System Volume Information
2009-01-12 08:35:14 ----D---- C:\WINDOWS\system32\Restore
2009-01-12 08:32:28 ----SH---- C:\boot.ini
2009-01-12 08:32:28 ----A---- C:\WINDOWS\win.ini
2009-01-12 08:32:28 ----A---- C:\WINDOWS\system.ini
2009-01-07 20:20:26 ----D---- C:\WINDOWS\Help
2009-01-07 20:16:13 ----D---- C:\WINDOWS\pss
2009-01-07 14:21:13 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-22 15:55:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-22 15:40:53 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-22 15:40:50 ----D---- C:\WINDOWS\system32\DirectX
2008-12-22 15:40:41 ----RSD---- C:\WINDOWS\assembly
2008-12-19 10:29:29 ----D---- C:\WINDOWS\security
2008-12-12 11:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-03 17:40:37 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-03 17:29:29 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-25 07:38:19 ----D---- C:\WINDOWS\system32\Macromed
2008-11-21 17:32:19 ----SHD---- C:\RECYCLER
2008-11-21 17:06:52 ----D---- C:\WINDOWS\WinSxS
2008-11-21 08:36:48 ----D---- C:\Documents and Settings\user\Application Data\Juniper Networks
2008-11-07 16:45:32 ----A---- C:\WINDOWS\system32\WMVCore.dll
2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 04:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-03-21 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-30 191536]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9104]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-03-03 28592]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2008-05-20 108160]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-04-18 170032]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-06-02 1287552]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-15 990632]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 cvusbdrv;Broadcom USH CV; C:\WINDOWS\System32\Drivers\cvusbdrv.sys [2008-05-09 29224]
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-12-27 23552]
R3 e1yexpress;Intel® Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-04-04 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-27 6023072]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2008-06-13 110080]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090115.040\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090115.040\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-03-21 279088]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-05-22 1381914]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-30 27696]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2008-03-12 49536]
R3 urvpndrv;F5 Networks VPN Adapter; C:\WINDOWS\system32\DRIVERS\urvpndrv.sys [2008-01-10 27904]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-03-03 16816]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-09-20 156392]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\WINDOWS\System32\Drivers\frmupgr.sys []
S3 f5ipfw;F5 Networks StoneWall Filter; \??\C:\WINDOWS\system32\drivers\urfltw2k.sys []
S3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETw5x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-16 6557760]
S3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver; C:\WINDOWS\system32\DRIVERS\nwdelser2.sys [2007-11-02 166144]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2007-06-14 27072]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-03-21 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-05-05 342672]
R2 caf;CA DSM r11 Common Application Framework.; C:\Program Files\CA\DSM\bin\caf.exe [2007-10-28 193800]
R2 CA-MessageQueuing;CA Message Queuing Server; C:\Program Files\CA\SC\CAM\bin\cam.exe [2006-12-12 147456]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-31 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-31 108392]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2008-10-15 427376]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-06-15 354840]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-16 152984]
R2 Lotus Notes Single Logon;Lotus Notes Single Logon; D:\Program Files\IBM\Lotus\Notes\nslsvice.exe [2008-08-08 31624]
R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; D:\Program Files\IBM\Lotus\Notes\ntmulti.exe [2008-08-08 58760]
R2 OracleCSService;OracleCSService; D:\edited\Oracle\Oracle10g\bin\ocssd.exe [2005-02-15 830364]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2008-05-09 2479488]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 STacSV;Audio Service; c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe [2008-05-22 221273]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2008-05-09 2240944]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2008-03-03 109104]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-03-03 121392]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-03-03 150064]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]

R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-06-02 24064]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-04-16 159812]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-28 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-13 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]


-----------------EOF-----------------

What did move it do? did it move trojan .dll's to quarantine??
Thanks

#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 16 January 2009 - 12:38 PM

Yup.. It moves the files into its quarantine folder :thumbsup:


Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
    • C:\WINDOWS\system32\editedService.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 tkoboxers1

tkoboxers1
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 16 January 2009 - 02:03 PM

Hi,
File will not upload file not found. Second site said in spanish that it recieved an empty file. Tried searching for editedservice using windows search and nothing came up Tried scanning denekilo.dll from the OTmoveit moved files, it came back saying none of the scanners found a virus which I though was odd seeing as this is a part of trojan vundo.
Thanks

#15 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 16 January 2009 - 02:40 PM

O23 - Service: editedService - Unknown owner - C:\WINDOWS\system32\editedService.exe


Out of curiosity, do you edited that?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users